It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.

It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.

It prevents private internal addresses to be accessed directly from outside.

Answer: C

Question No: 54 – (Topic 5)

How is network layer addressing accomplished in the OSI protocol suite?

Internet Protocol address

Media Access Control address

Packet Layer Protocol address

Network Service Access Point address

Authority and Format Identifier address

Answer: D Explanation:

OSI network-layer addressing is implemented by using two types of hierarchical addresses:

network service access-point addresses and network-entity titles.

A network service-access point (NSAP) is a conceptual point on the boundary between the network and the transport layers. The NSAP is the location at which OSI network services are provided to the transport layer. Each transport-layer entity is assigned a single NSAP, which is individually addressed in an OSI internetwork using NSAP addresses.

Question No: 55 – (Topic 5)

Which traffic does the following configuration allow?

ipv6 access-list cisco

permit ipv6 host 2001:DB8:0:4::32 any eq ssh line vty 0 4

ipv6 access-class cisco in

all traffic to vty 0 4 from source 2001:DB8:0:4::32

only ssh traffic to vty 0 4 from source all

only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32

all traffic to vty 0 4 from source all

Answer: C

Question No: 56 – (Topic 5)

What two situations could require the use of multiple routing protocols? (Choose two)

when using UNIX host-based routers

when smaller broadcast domains are desired

because having multiple routing protocols confuses hackers

when migrating from an older Interior Gateway Protocol (IGP) to a new IGP

when all equipment is manufactured by Cisco

when there are multiple paths to destination networks

Answer: A,D Explanation:

Simple routing protocols work well for simple networks, but networks grow and become more complex. While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, including company mergers, multiple departments managed by multiple network administrators, multivendor environments, or simply because the original routing protocol is no longer the best choice. Often, the multiple protocols are redistributed into each other during a migration period from one protocol to the other.

What are the effects of this RIP configuration on router RTA? (Choose two)

no routing updates will be sent from router RTA on interface BRIO to router RTX

router RTA will not advertise the 10.0.0.0 network to router RTX

the route to network 172.16.1.0 will not be entered into the routing table on router RTA

user traffic from the 172.16.1.0 network is denied by access-list 44

the routing table on router RTA will be updated with the route to router RTW

Answer: C,E Explanation:

Distribute list are used to filter routing updates and they are based on access lists. In this case, an access list of 44 was created to deny the route from network 172.16.1.0/24 so this route will not be entered into the routing table of RTA. But the route from RTW can be entered because it is not filtered by the access list A and B are not correct because the distribute list is applied to the inbound direction of interface BRI0 so outgoing routing updated will not be filtered.

Distribute list just filters routing updates so user traffic from network 172.16.1.0 will not be denied.

Question No: 58 – (Topic 5)

Which three statements are true when configuring redistribution for OSPF? (Choose three)

The default metric is 10.

The default metric is 20.

The default metric type is 2.

The default metric type is 1.

Subnets do not redistribute by default.

Subnets redistribute by default.

Answer: B,C,E

Question No: 59 – (Topic 5)

Observe the exhibit.

If the command variance 3 were added to RTE, which path or paths would be chosen to route traffic to network X?

E-B-A

E-B-A and E-C-A

E-C-A and E-D-A

E-B-A, E-C-A and E-D-A

Answer: B Explanation:

Advertised distance of RTD is greater than FD of RTE-RTC-RTA, so the route through D will not be used.

Question No: 60 – (Topic 5)

Refer to the exhibit.

On the basis of the partial configuration, which two statements are correct? (Choose two.)

Only routes matching 10.0.1.0/24 will be advertised out Ethernet 0.

Only routes 10.0.1.0/24 will be sent out all interfaces.

Only routes 10.0.1.0/24 will be allowed in the routing table.

Only routes matching 10.0.0.0/8 will be advertised out Ethernet 0.

Only routes matching 10.0.0.0/8 will be advertised out interfaces other than Ethernet 0.

All routes will be advertised out interfaces other than Ethernet 0.

Answer: A,E Explanation: Explanation

In this case, the following algorithm is used when multiple distribute-lists are used:

First check which interface is being sent out. If it is Ethernet 0, distribute-list 2 is applied first. If the network is denied then no further checking is done for this network. But if distribute-list 2 permits that network then distribute-list 1 is also checked. If both distribute- lists allow that network then it will be sent out.

If the interface is not Ethernet 0 then only distribute-list 1 is applied.

Now let’s take some examples. If the advertised network is 10.0.1.0/24, it will be sent out all interfaces, including Ethernet 0. If the advertised network is 10.0.2.0/24, it will be sent out all interfaces, excepting Ethernet 0. If the advertised network is 11.0.0.0/8, it will be dropped.

Note: It is possible to define one interface-specific distribute-list per interface and one protocol-specific distribute-list for each process/autonomous-system.